Technical,
The access to ICMP varies with each application.
I usually have some rules written limiting both TCP and ICMP connections for different applications.
The one I worry most about is IE (of course....whatelse is new)
Here are some suggested rules. You can configure XP to some degree to meet them by limiting port access.
Block all addresses for TCP 445 remote, both directions
Block all addresses for TCP 135-139 local, both directions
Block all addresses for UDP 135-139 remote and local, both directions
Block all addresses for ICMP Type 10 outgoing only!
Allow all addresses for ICMP Type 11 both directions
Block all addresses for UDP 67 Remote and 68 Outgoing, both directions
You can allow IE to access TCP 80, 443, 20 and 21 remote as well as 1024-5000 local.
These rules will curtail "hackins" using IE. However, you will notice that searches cannot be done directly from the address bar with XP with the ruleset. I use other search engines from links so I would rather have the protection in place. You can play with the ruleset I provided to see what you like and don't like.
These offer a modicum of protection for IE.
At your service,
techie